NIST should encourage flexible application of the Federal Profile, based on the risk management principles that undergird NISTIR 8259 and NISTIR 8259A.

[JustinPerkins-CTIA]

Organization Name: CTIA Organization Type: Association that represents the U.S. wireless communications industry and the companies throughout the mobile ecosystem that enable Americans to lead a 21st century connected life. Document (Technical capabilities, Nontechnical capabilities): Both technical and nontechnical capabilities Feedback: NIST should reiterate that the Capabilities, Sub-Capabilities, and Elements of the Federal Profile should be flexibly applied, driven by the unique implementation scenarios and risk profiles for each individual Federal government agency. Even within the Federal context, flexibility is key to ensuring a risk-based approach to securing IoT devices. See attachment for CTIA’s full submission; Section III provides the full rationale for this feedback. Organization: Industry

CTIA Comments re NIST Federal Profile - 08-07-2020.pdf

[kevingbrady]

"Thank you for your comments. They've been reviewed and have been useful to our technical team. You will soon see the updated versions of these catalogs on the new GitHub page: IoT Device Cybersecurity Requirements Catalog."